Photo by Chris Panas on Unsplash
With cloud adoption being on the rise in the security industry (and more generally) understandably, cloud security is one of the first concerns. In this instance, a question that arises is “how secure is cloud based CCTV?”. It’s a common misconception that cloud (and in this instance, cloud based CCTV) isn’t secure. The truth is, if used properly, cloud based CCTV can be more secure than storing all your footage locally. Read on to learn why security fears shouldn’t keep you from moving your CCTV footage to the cloud.
Cloud & video surveillance: Where does cloud fit in?
Firstly, ‘why cloud?’; individuals and businesses have adopted cloud based technologies for a variety of reasons. One of the benefits is not having to own and possess the systems storing the data/information we use. For example, in the past, we used chunky TV recorders to record the episodes we wanted to watch. And now we have Netflix (a cloud based technology) that holds our episodes for us! Cloud means you don’t have to worry about capacity. It means you can access the content anywhere you have a device that connects to the internet, and that the content is easy to download and share. You can read more about other Videoloft features including 4K resolution and video analytics.
To consider ‘how secure the cloud is’, it is vital to understand the difference between a cloud provider, cloud applications, and the cloud customer. The cloud provider is those that hold the computing infrastructure for storage and applications. These are companies that you will most likely have heard of, e.g. Google Cloud, IBM, Microsoft, or Amazon Web Services (AWS).
For cloud based CCTV, you likely have a middleman who uses cloud providers to enable their applications. In this instance, Videoloft uses Amazon Web Services (AWS) to enable our customers to store their CCTV footage remotely. We’re not alone; in fact companies that you may know of which use AWS to power their applications include the likes of Netflix, Twitch, Linkedin, and Facebook.
The final part of the chain: the end user or, if you’re an engineer, your customers who use the applications/storage that relies on cloud based systems.
Are cloud systems inherently risky?
As the National Cyber Security Centre puts it: “In our experience, data breaches in the cloud mostly come from the customer failing to protect their own data. Leaving your data insecure and hoping no-one will find it is like leaving the car unlocked and hoping no-one will steal it.” Ensuring security online is always partly the users’ responsibility. They need to make sure their passwords are strong, unique and remain confidential. Same applies to those accounts that are cloud based.
In fact, according to Microsoft’s research, a whooping 94% of small businesses actually report security benefits since moving to the cloud. It would be wrong to say cloud security is completely robust and could never be vulnerable to attack, they could be attacked like any piece of technology, but for reasons below it is unlikely.
Cloud based security and the shared responsibility model
Cloud security takes the form of a ‘shared responsibility model’ in which the responsibility for maintaining security falls on multiple layers. The responsibility for a secure system simultaneously falls on the cloud provider (e.g. AWS, Google Cloud, etc.), those that run the cloud based applications (Videoloft, Netflix, Twitch, etc.), and the end user.
What AWS does for security? The cloud provider ensures the integrity of its resource and equipment. They’re also responsible for their operating systems and the foundations of their software and operating systems.
While the cloud provider (AWS) has responsibility of the cloud, those using the cloud have responsibility for the security in the cloud. What does Videoloft do to help to secure our customers who use our cloud based CCTV systems? All of our customers’ video is saved to AWS using modern encryption standards (256-bit) and transmitted securely over encrypted TLS (HTTPS) channels, ensuring that the data cannot be viewed whilst in transit or in storage.
The final strand of the security is the end user themselves. In this case it’s important that customers try to use unique and strong passwords, as you would with any system. Keeping your passwords private and remaining vigilant against phishing attacks where criminals try to steal your information.
Security of cloud based CCTV vs traditional CCTV systems
From the moment traditional hardware (in this case IP camera or a recorder) is shipped, it’s effectively out of date.
With out-of-date hardware you’re more vulnerable to cyber-attacks as new vulnerabilities arise and aren’t patched. However, Videoloft’s Cloud Adapter is constantly upgraded through software updates, which means it’s always up to date and therefore even more secure. Moreover, many traditional DVRs that allow for internet connection and remote viewing require port forwarding. To get around a firewall you essentially form a hole in the system, in turn leaving it vulnerable to infiltration. With Videoloft you don’t need to forward any ports, thus significantly increasing the security of the system.
Videoloft – Cloud based CCTV and access of their manufacturers?
One of the common questions we get asked is if the camera manufacturers have access to their cloud recordings on Videoloft. The answer is no. Videoloft Cloud Adapter runs on entirely our software, with no code from any camera manufacturer. Despite this, our Cloud Adapter can still use the functionality enabled by the camera. In other words, means that we can still offer certain trigger events that camera brands can. However, the manufacturer doesn’t have access to our Cloud Adapter or the footage you upload to Videoloft. Therefore, you have peace of mind that your storage remains entirely with us.
The integrity of the footage on the cloud
Another common concern is around the safety and reliability of the footage in the cloud and making sure it’s not ‘disappearing’. Having cloud storage is actually very robust and protects against reasons that could mean your footage is destroyed by just having an onsite recorder. Those reasons include the accidental damage of the recorder, for example fire or deliberate damage by an intruder. Furthermore, there’s a possibility of onsite recorders malfunctioning, especially those with no alerts to tell you that there’s a malfunction! Finally, recorders have limited storage, meaning there’s a risk of overwritten video. However, cloud storage protects you from the physical vulnerabilities that come with an onsite recorder. In short, it’s more likely your footage remains intact and there when you need it.
How secure is cloud CCTV?
Move your CCTV to the cloud
You can move your CCTV footage to the cloud with Videoloft. You can do so by either completely replacing your onsite recorder and just storing on the cloud. Otherwise, you could have cloud storage alongside a recorder, for the purposes of remote access, alerts and a storage backup.
Are you a security professional looking to add cloud to customers’ security systems? Learn more about our free partner program for security installers, integrators and dealers.